Disabling the input path of the console is the safest bet to make barebox fully non-interactive. Add a security policy for this case.
Signed-off-by: Sascha Hauer <[email protected]>
---
 common/Sconfig | 11 ++++++++++-
 common/console.c | 6 ++++++
 common/console_simple.c | 6 ++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/common/Sconfig b/common/Sconfig
index ec68bc2737af02cff3ce38c7bc1b9d59af2336c5..b5c585b11b20a9f106f62813263f739d74f3667f 100644
--- a/common/Sconfig
+++ b/common/Sconfig
@@ -2,6 +2,15 @@ menu "General Settings"
+config CONSOLE_INPUT
+ bool "Allow console input"
+ depends on $(kconfig-enabled,CONSOLE_SIMPLE) || $(kconfig-enabled,CONSOLE_FULL)
+ help
+ Say y here if you want to allow input on consoles. Disabling this is the safest thing to make sure that a barebox build is fully non interactive. When you still need to react to input for example to trigger a recovery boot then consider disabling this option and disable SHELL_INTERACTIVE instead.
+
 config SHELL
 bool "Allow executing shell scripts"
 depends on $(kconfig-enabled,SHELL_HUSH) || $(kconfig-enabled,SHELL_SIMPLE)
@@ -13,7 +22,7 @@ config SHELL
 config SHELL_INTERACTIVE
 bool "Allow executing interactive shell"
- depends on SHELL
+ depends on SHELL && CONSOLE_INPUT
 help
 An interactive shell cannot be safely executed in trusted environments.
 Disable this option in lockdown security configs.
diff --git a/common/console.c b/common/console.c
index ee498fadf3700376b6325be10911b2081ff1ebb3..24fbee6904d446ecb55f22f1e3e9beeddb3ceeb0 100644
--- a/common/console.c
+++ b/common/console.c
@@ -513,6 +513,9 @@ static int tstc_raw(void)
 {
 struct console_device *cdev;
+ if (!IS_ALLOWED(SCONFIG_CONSOLE_INPUT))
+ return 0;
+
 for_each_console(cdev) {
 if (!(cdev->f_active & CONSOLE_STDIN))
 continue;
@@ -528,6 +531,9 @@ int getchar(void)
 unsigned char ch;
 uint64_t start;
+ if (!IS_ALLOWED(SCONFIG_CONSOLE_INPUT))
+ return -1;
+
 /*
 * For 100us we read the characters from the serial driver
 * into a kfifo. This helps us not to lose characters 
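Review bot: The last sentence of the new CONSOLE_INPUT help text contradicts itself: it tells a user who "still need[s] to react to input" to "consider disabling this option", which would remove exactly the input they need. The `depends on SHELL && CONSOLE_INPUT` change in the second hunk shows the intended layering, so the sentence should read `When you still need to react to input, for example to trigger a recovery boot, keep this option enabled and disable SHELL_INTERACTIVE instead.` While editing it, "non interactive" should be hyphenated as "non-interactive" in the second sentence.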
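Review bot: The checks added to tstc_raw() and getchar() in common/console.c stop characters from being drained into the kfifo and handed back to callers, but nothing on the new side discards input that is already pending, so if a security policy can be switched at runtime (not visible in these hunks) characters received while input was denied stay in the driver's receive path and become readable as soon as a permissive policy is selected. If runtime switching exists, consider draining pending characters at that point, or gating more centrally by clearing `CONSOLE_STDIN` from `cdev->f_active` while input is denied, so that every consumer iterating active consoles is covered rather than only these two entry points. Both tstc_raw() and getchar() continue past their hunks, so I cannot see whether any other reader in this file bypasses them.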
diff --git a/common/console_simple.c b/common/console_simple.c
index f00fd567ed5d1ec7b0a8f00179953c08dda49de3..0e8a4bff2a692067765cb3d6feb93dd5b070ff82 100644
--- a/common/console_simple.c
+++ b/common/console_simple.c
@@ -45,6 +45,9 @@ EXPORT_SYMBOL(console_putc);
 int tstc(void)
 {
+ if (!IS_ALLOWED(SCONFIG_CONSOLE_INPUT))
+ return 0;
+
 if (!console)
 return 0;
@@ -54,6 +57,9 @@ EXPORT_SYMBOL(tstc);
 int getchar(void)
 {
+ if (!IS_ALLOWED(SCONFIG_CONSOLE_INPUT))
+ return -1;
+
 if (!console)
 return -EINVAL;
 return console->getc(console);
-- 
2.39.5
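Review bot: The new `return -1;` in getchar() sits two lines above the existing `return -EINVAL;`, so the function now mixes a bare sentinel with a named errno for its failure paths, and the same bare `-1` is added to getchar() in common/console.c. A named code such as `return -EPERM;` in both files would make a policy denial self-documenting and distinguishable from a missing console, provided getchar() callers test for a negative result rather than comparing against -1, which I cannot verify from the hunk. The tstc() change returning 0 when input is denied is consistent with the `!console` path below it and needs no change.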
